Remove /usr/bin/install from allowed commands

This essentially allows the user to copy any files and set any ownership on any files. Can be used to do anything on the system and all users in 'kolla' group have access to it. Change-Id: I9d6cd2b4ca40cb536484fa45e80692105b5fa2a4
2016-12-18 20:48:27 +00:00 · 2016-12-18 20:48:27 +00:00 · 73681e7607
commit 73681e7607
parent 26fb747b0a
1 changed files with 1 additions and 1 deletions
--- a/docker/base/sudoers
+++ b/docker/base/sudoers
@ -13,6 +13,6 @@ root ALL=(ALL) ALL

 # anyone in the kolla group may run /usr/local/bin/kolla_set_configs as the
 # root user via sudo without password confirmation
-%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_set_configs, /usr/bin/install
+%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_set_configs

 #includedir /etc/sudoers.d